The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on November 8th, 2007.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 2, 3, 5, 6, 9, 10 and 14-23 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 2, 3, 5, 6, 9, 10 and 14-23 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [X] All b) [ ] Some * c) [ ] None of:

1. Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ,

3. [X] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION
Claim Objections 

Claim 9 is objected to because of the following informalities: Claim 9 recites "the
program comprising: instructing...; performing...; generating...;". Examiner suggests changing
the language of this limitation from 'the program comprising' to 'the program causing the computer to
execute a step comprising'.

Response to Amendment 

1. This Office Action is in response to applicant's communication filed November 8th, 2007. 
The Applicant's remarks and amendments to the claims and/or the specification were 
considered with the results that follow. 

2. In response to the last Office Action, claims 2, 3, 5, 9, 10, 14-16 and 19-22 have been 
currently amended. Claims 1, 4, 7, 8 and 13 have been canceled. Claims 11 and 12 have 
previously been cancelled. Claim 23 has been newly added. As a result, claims 2, 3, 5, 6, 9, 10 
and 14-23 are now pending in this application. 

3. Rejection of claims 1-7, 9-10 and 31 under 35 U.S.C. 101 has been withdrawn.



Response to Arguments 

4. Applicant's arguments filed September 19, 2007 have been fully considered but they are
not persuasive. At pages 12-14, concerning claim 2, firstly, Applicant argued that Subramaniam
does not describe "making, in the proxy process server apparatus, a database process request
to a database access control apparatus, and that the database access control apparatus
performs a process on the database in response to the database process request from the
proxy process server apparatus, and sends a process result to the proxy process server
apparatus".

As to the above argument, Examiner respectfully submits that Subramaniam et al. teaches,
'making, in the proxy process server apparatus, a database process request to a database
access control apparatus (see e.g. Fig. 1, refs. 112, 104 and 106 and col. 8 lines 13-46, note
that an initial request for access to the target server), and that the database access control
apparatus performs a process on the database in response to the database process request
from the proxy process server apparatus (see e.g. col. 9 lines 44-67 and col. 10 lines 1-19,
note that proxy server corresponds to transformer have caching capability to perform the
process), and sends a process result to the proxy process server apparatus (see e.g. col. 9
lines 32-35, note that 'transmit Web Pages, file' refers as 'process result' to the 'border
server' as 'proxy process server')'.

Secondly, Applicant argued that "Katano Guthrie does not describe that a database
access control apparatus determines whether an access key the same as the access key
received from the proxy process server apparatus exists in the storing part and executes an
access to data in the database within a limit permitted for the user ID corresponding to the
access key only if the access key exists in the storing part".

As to the above argument, Examiner respectfully submits that Guthrie et al. teaches, "the
access key being generated by the database access control apparatus based on a user ID of
the user apparatus (see e.g. col. 5 lines 51-64 and , note that 'communication session including
user ID' refers as 'access key' is stored session data, where database server accesses
the information of session data and stores in a context 'data structure' refers as 'storing
part')".

Subramaniam et al. teach all limitations of claim 1. However, they do not explicitly show
that 'the access key being generated by the database access control apparatus based on a user
ID of the user apparatus'. The SSL protocol uses a session ID to communicate. The session ID
is the access key as in claim 1, by using the SSL reference, because Subramaniam et al.
implement the SSL protocol.

Claims 3, 14-16 depend on independent claim 2. Each of the identified dependent claims
is also rejected.

Claims 5-6 and 17-19 are rejected for the same reasons as claim 2.
Claims 9-10 and 20-22 are rejected for the same reasons as claim 2.
Claim 23 is rejected for the same reasons as claim 2.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made.

5. Claims 2, 3, 5, 6, 9, 10 and 14-23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Subramaniam et al. (Patent no.: 6081900) in view of Kitano Guthrie et al.
(Patent no.: 6606627 B1).



Regarding claim 2, Subramaniam et al. teach: 
A database access control method for performing access control on a database in response to a 
request from a user apparatus through cooperation between a database access control 
apparatus and a proxy process server apparatus (see e.g. Abstract), comprising: 
sending, in the database access control apparatus, an address of a usable proxy process server
apparatus to the user apparatus in response to the request from the user apparatus (see
e.g. col. 3 lines 19-33, col. 4 lines 45-50 and col. 5 lines 38-49, note that in the 'secure network
servers' refers here as 'proxy server within the border server' and clients are connected by
IP link);

connecting the user apparatus to the proxy process server apparatus of the address to make a
database access request (see e.g. col. 4, lines 58-64, note that user makes a database
access request);

making, in the proxy process server apparatus, a database process request to the database
access control apparatus according to the database access request from the user apparatus
(see e.g. Fig. 1, refs. 112, 104 and 106 and col. 8 lines 13-46 and col. 6 lines 61-62, note that an
initial request from the client ser for access to the target server);

performing, in the database access control apparatus, a process on the database in response to
the database process request from the proxy process server apparatus (see e.g. col. 9 lines
44-67 and col. 10 lines 1-19, and lines 5-35, note that proxy server corresponds to
transformer have caching capability to perform the process), and sends a process result to
the proxy process server apparatus (see e.g. col. 9 lines 32-35 and col. 9 lines 44-56 and col. 10
lines 5-35, note that 'transmit Web Pages, file' refers as 'process result' to the 'border
server' as 'proxy process server'); and

performing, in the proxy process server apparatus, an additional process on the process result
sent from the database access control apparatus (see e.g. col. 10 lines 20-66 and col. 11 lines
1-13, note that performs an additional process), and sending an additional process result to
the user apparatus (see e.g. col. 11 lines 14-21, note that sends the result for additional
process to the client);

sending, in the user apparatus, the access key to the proxy process server apparatus when
making the database access request to the proxy process server apparatus (see e.g. col. 11
lines 40-67, note that 'session identifier' refers here as 'access key');

sending, in the proxy process server apparatus, sends the access key to the database access
control apparatus when making the database process request to the database access control
apparatus (see e.g. col. 8 lines 47-57 and col. 11 lines 65-67); and

determining, in the database access control apparatus, whether an access key the same as the
access key received from the proxy process server apparatus exists in the storing part (see e.g.
col. 8 lines 47-57 and col. 11 lines 65-67 and col. 12 lines 33-46, note that border server
notify user if 'access key' refers as 'user name and password' are validated by the
authentication system within the secure network) and executes an access to data in the
database within a limit permitted for the user ID corresponding to the access key only if the
access key exists in the storing part (see e.g. col. 10 lines 56-67 to col. 11 lines 1-2 and lines
34-39).

However, Subramaniam et al. do not explicitly show that 'the access key being generated
by the database access control apparatus based on a user ID of the user apparatus'.

Guthrie et al. discloses in their invention 'the access key being generated by the database
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-64
and , note that 'communication session including user ID' refers as 'access key' is stored
session data, where database server accesses the information of session data and
stores in a context 'data structure' refers as 'storing part')'; and

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Claim 23 recites the limitations of claim 2, and thus is rejected for the same reasons stated for
claim 2 discussed above.

For claim 3, Subramaniam et al. teach: 
in the database access control apparatus, whether the user apparatus is in a state of being
connected to the proxy process server apparatus in addition to performing determination of the
access key (see e.g. col. 8 lines 40-50), and performing the access to the data in the database
only if the user apparatus is in the state of being connected to the proxy process server
apparatus (see e.g. col. 8 lines 50-53).

Claims 6 and 10 recite the limitations of claim 3, and thus are rejected for the same reasons stated
for claim 3 discussed above.

Regarding claim 5, Subramaniam et al. teach: 
A database access control apparatus for performing access control on a database in response 
to a request from a user apparatus through cooperation with a proxy process server apparatus, 
comprising: 

means for instructing the user apparatus to connect to the proxy process server apparatus by
sending an address of a usable proxy process server apparatus to the user apparatus in
response to a request from the user apparatus (see e.g. col. 3 lines 19-33, col. 4 lines 45-50 and
col. 5 lines 38-49, note that in the secure network servers and clients are connected by IP
link);

means for performing a process on the database in response to a database process request
from the proxy process server apparatus (see e.g. col. 10 lines 5-35, note that caching
perform the process), and sending a process result to the proxy process server apparatus
(see e.g. col. 10 lines 36-40, note that sending request to the proxy server);

sending the access key to the user apparatus when sending the address of the proxy process
server apparatus to the user apparatus (see e.g. col. 11 lines 14-21);

means for receiving the access key and the database process request from the proxy process
server apparatus (see e.g. col. 11 lines 40-67, note that 'session identifier' refers here
as 'access key'), and

determining whether an access key the same as the access key received from the proxy
process server apparatus exists in the storing part (see e.g. col. 8 lines 47-57 and col. 11 lines
65-67 and col. 12 lines 33-46, note that border server notify user if 'access key' refers as
'user name and password' are validated by the authentication system within the secure
network); and means for executing an access to data in the database within a limit permitted for
the user ID corresponding to the access key only if the access key exists in the storing part (see
e.g. col. 10 lines 56-67 to col. 11 lines 1-2 and lines 34-39).

However, Subramaniam et al. do not explicitly show 'the access key being generated by
the database access control apparatus based on a user ID of the user apparatus';

Guthrie et al. discloses in their invention 'the access key being generated by the database
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 51-64
and , note that 'communication session including user ID' refers as 'access key' is stored
session data, where database server accesses the information of session data and
stores in a context 'data structure' as 'storing part')'; and

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Claim 9 recites the limitations of claim 5, and thus is rejected for the same reasons stated for
claim 5 discussed above.

For claim 14, Subramaniam et al. teach:
overwriting or erasing, in the database access control apparatus, the access key stored in the
storing part after performing the process on the database in response to the database process
request from the proxy server apparatus (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

Claims 17 and 20 recite the limitations of claim 15, and thus are rejected for the same reasons
stated for claim 14 discussed above.

For claim 15, Subramaniam et al. teach:
overwriting or erasing, in the database access control apparatus, the access key stored in the
storing part when the database access control apparatus is accessed by the user apparatus
next (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

Claims 18 and 21 recite the limitations of claim 15, and thus are rejected for the same reasons
stated for claim 15 discussed above.

For claim 16, Subramaniam et al. teach:
overwriting or erasing, in the database access control apparatus, the access key stored in the
storing part when the database access control apparatus receives a next request from the user
apparatus (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

Claims 19 and 22 recite the limitations of claim 16, and thus are rejected for the same reasons
stated for claim 16 discussed above.



Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in this
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).
Applicant is reminded of the extension of time policy as set forth in 37 CFR
1.136(a).

7. A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the 
mailing date of this final action and the advisory action is not mailed until after the end of the 
THREE-MONTH shortened statutory period, then the shortened statutory period will expire on 
the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will
be calculated from the mailing date of the advisory action. In no event, however, will the 
statutory period for reply expire later than SIX MONTHS from the date of this final action. 

8. The examiner requests, in response to this Office action, support be shown for language 
added to any original claims on amendment and any new claims. That is, indicate support for 
newly added claim language by specifically pointing to page(s) and line no(s) in the specification 
and/or drawing figure(s). This will assist the examiner in prosecuting the application. 



Application/Control Number: 10/622,552
Art Unit: 2163

9. When responding to this office action, Applicant is advised to clearly point out the 
patentable novelty which he or she thinks the claims present, in view of the state of the art 
disclosed by the references cited or the objections made. He or she must also show how the 
amendments avoid such references or objections. See 37 CFR 1.111(c).

Any inquiry concerning this communication or earlier communications from the examiner
should be directed to Andalib F. Lpdhi whose telephone number is (571) 270-1759. The 
examiner can normally be reached on Monday-Friday, 9:00am-5:00pm, EST Alt Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Don Wong can be reached on (571) 272-1834. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call 800-786-9199 (IN USA 
OR CANADA) or 571-272-1000. 



January 11th, 2007 




